(54) Apparatus and methods for routerless layer 3 forwarding in a network



(57) A layer 3 forwarding method for layer 3 forwarding
an individual packet from a station I to a station II
wherein the packet's layer 2 destination includes a router
within the network which is reachable from a network
element A via which stations I and II are connected to
the network, the router storing ARP information, the
method including providing network element A with a
capability to perform layer 3 forwarding of a packet from
station I to station II, wherein the providing step includes
learning, on the part of network element A, of forwarding
information used by the router to forward packets from
station I to station II, by reading the ARP information of
the router and performing layer 3 forwarding on the
individual packet, at network element A.

Description

FIELD OF THE INVENTION 

[0001] The present invention relates to networks and 
apparatus and methods for switching in networks. 

BACKGROUND OF THE INVENTION 

[0002] Local area networks (LANs) and IP networking 
are well known in the art. LANs and IP networking in 
general and in particular relevant aspects of IP routing 
and ARP are described in the following publications: 

International Standard for MAC Bridging: Std 
802.1D, IEEE, 1993, 

Virtual LANs (VLANs) standard: 802.1Q, IEEE, 
1998, 

LANE Standard: LAN Emulation Over ATM Version
2 -- LUNI Specification, af-lane-0084.00, ATM Forum,
July 1997, available over the Internet at
www.atmforum.com,

MPOA standard: Multi-Protocol Over ATM Specification
v1.0, af-mpoa-0087.000, ATM Forum, July 1997,
available over the Internet at www.atmforum.com,

"Layer 3 switches", InfoWorld magazine, June 1, 
1998 (Vol. 20, Issue 22), available over the Internet 
from www.infoworld.com, 

the following Internet RFC documents, which are
available over the Internet from, for example, the
IETF home page at www.ietf.org: IP - RFC 791
("Internet Protocol"), ARP - RFC 826 ("Address
Resolution Protocol"), RFC 1812 ("Requirements for IP
version 4 Routers"), RFC 1700 ("ASSIGNED NUMBERS"),
RFC 1256 ("ICMP Router Discovery Messages"),
SNMP - RFC 1157 ("Simple Network Management
Protocol"), RFC 1213 ("Management Information Base
for Network Management of TCP/IP-based internets:
MIB-II"), VRRP - RFC 2338 ("Virtual Router Redundancy
Protocol") and HSRP - RFC 2281 ("Cisco Hot Standby
Router Protocol").

[0003] Most routing-switches/switch-routers/layer- 
3-switches known today follow the same network archi- 
tecture principles as traditional routers, in the sense that 
each switch is a routing entity, running routing protocols 
and requiring the configuration and maintenance of a 
router. If such layer 3 switches are installed centrally on- 
ly in some locations in the network, while the rest of the 
network switches are layer 2 only, then the performance 
of layer 3 forwarding is limited. In order to achieve a dis- 
tributed layer 3 switching system, such that the function 
of layer 3 forwarding is done in the most appropriate 
point in the network, this design calls for many or all of 
the network switches to be layer 3 switches. This
requires the configuration and maintenance of multiple
routing entities in the local area network, which is a
significant configuration burden.

[0004] Some switching systems are designed around
the concept of a central routing server with distributed
layer-3 forwarding engines. These systems require a
special protocol to communicate forwarding information
between the routing server and the layer 3 forwarding
engines. Some of these systems implement the MPOA
standard for ATM networks. In Ethernet networks these
protocols are proprietary requiring that the routing
server and all layer 3 forwarding devices be from a single
vendor, limiting the user's choice. Also, the introduction
of such systems into an existing network requires a
major change to the network.

[0005] Some ideas for layer 3 switching based on
automatic learning of IP stations have been published.
These are used by switches that front end a router to
enhance its forwarding performance, and are not
described as extended to network-wide distributed layer 3
switching systems. Such switches can perform layer 3
(IP) switching without being a router, i.e. without being
known to stations as routers and without requiring the
configuration that routers do. They assume the
existence of a router in the network, use it as default
forwarder and automatically learn information about IP
stations.

[0006] The disclosures of all publications mentioned
in the specification and of the publications cited therein
are hereby incorporated by reference.

SUMMARY OF THE INVENTION 

[0007] A preferred embodiment of the present invention
seeks to provide a network in which the function of
layer 3 forwarding is distributed among multiple switches
in the network without any of the multiple switches
necessarily being a router. The system shown and
described herein does not necessarily follow the 'routing
per port' approach common with modern layer 3 switches.
The layer 3 forwarding is not always performed by
the switch that is closest to the source, rather it may be
performed by a switch that is on the path from the router
to the destination, in addition to being on the path from
the source to the router.

[0008] Another preferred embodiment of the present
invention seeks to allow a switch (or switches) to boost
an entire network, rather than boosting a specific router.
This embodiment is useful, for example, in providing
distributed layer 3 forwarding in switched Ethernet
networks. Another application is in networks including
Ethernet and ATM-LANE wherein the present invention
is useful in providing high performance layer 3 switching,
instead of or in addition to MPOA (multi-protocol
over ATM).

[0009] In the network-boosting embodiment, the
switch does not necessarily know the MAC address(es)
of the router(s). Rather, the switch preferably performs
the layer 3 forwarding function by itself to packets that
require layer 3 forwarding, whether these packets are
addressed at the MAC layer to a single router or to
different routers. The switch preferably identifies the
packets as requiring layer 3 forwarding by means other than
recognition of the packet's destination MAC address as
being that of the router. Typically, the switch may identify
packets requiring layer 3 forwarding by discerning that
the destination MAC address of the received packet is
different than the MAC address known to the switch as
corresponding to the destination IP address of the
packet.

[0010] There is thus provided, in accordance with a 
preferred embodiment of the present invention, a meth- 
od by which a network element, having a plurality of 
ports, performs layer 3 forwarding within a network in- 
cluding at least one router, the method including identi- 
fying, for each router in the network, at least one of the 
plurality of ports, via which the router is reachable, as 
an upstream port with respect to the router, and
identifying at least one other port as a downstream port with
respect to the router, and, upon receiving a packet
whose layer 2 destination is the router, performing layer 
3 forwarding if the network element is in possession of 
forwarding information indicating that the packet's layer 
3 destination is reachable via any of the downstream 
ports with regard to the router. 

[0011] Further in accordance with a preferred embod- 
iment of the present invention, a packet on which layer 
3 forwarding is not performed by the network element is 
forwarded by the network element at layer 2. 
[0012] Further in accordance with a preferred embod- 
iment of the present invention, the packet has a layer 3 
source and a layer 3 destination which are in different 
subnets. 

[0013] Still further in accordance with a preferred em- 
bodiment of the present invention, the method also in- 
cludes learning the forwarding information. 
[0014] Additionally in accordance with a preferred 
embodiment of the present invention, the forwarding in- 
formation includes the VLAN ID corresponding to the 
layer 3 destination of the packet. 
[0015] Still further in accordance with a preferred em- 
bodiment of the present invention, the forwarding infor- 
mation includes the layer 2 address corresponding to 
the layer 3 destination of the packet. 
[0016] Additionally in accordance with a preferred 
embodiment of the present invention, the forwarding in- 
formation is learned at least partly by analyzing packets 
passing through the network element.
[0017] Further in accordance with a preferred embod- 
iment of the present invention, the forwarding informa- 
tion is learned entirely by analyzing packets passing 
through the network element.

[0018] Still further in accordance with a preferred em- 
bodiment of the present invention, the forwarding infor- 
mation is learned at least partly by analyzing ARP-pack- 
ets passing through the network element. 
[0019] Further in accordance with a preferred
embodiment of the present invention, the forwarding
information is learned at least partly by analyzing IP-packets
passing through the network element.
[0020] Still further in accordance with a preferred
embodiment of the present invention, the forwarding
information is learned at least partly by analyzing layer 3
packets passing through the network element whose
source layer 2 address is an address of a router.
[0021] Also provided, in accordance with another
preferred embodiment of the present invention, is a layer 3
forwarding method for layer 3 forwarding an individual
packet from a station I to a station II wherein the packet's
layer 2 destination includes a router within the network
which is reachable from a network element A via which
stations I and II are connected to the network, the router
storing ARP information, the method including providing
network element A with a capability to perform layer 3
forwarding of a packet from station I to station II, wherein
the providing step includes learning, on the part of
network element A, of forwarding information used by the
router to forward packets from station I to station II, by
reading the ARP information of the router, and
performing layer 3 forwarding on the individual packet, at
network element A.

[0022] Further in accordance with a preferred
embodiment of the present invention, the step of reading the
ARP information includes using an SNMP mechanism
to read the ARP information.

[0023] Also provided, in accordance with another
preferred embodiment of the present invention, is a method
by which a network element, having a plurality of ports,
performs layer 3 forwarding, using forwarding information,
within a network including at least one router the
method including determining, upon receiving a packet,
whether or not the packet requires layer 3 forwarding,
without using any information regarding the identity of
the router and performing layer 3 forwarding if the
packet requires layer 3 forwarding and if all necessary
forwarding information is available, and performing layer 2
forwarding otherwise.

[0024] Further in accordance with a preferred
embodiment of the present invention, the layer 3 source of the
packet and the layer 3 destination of the packet are in
different subnets.

[0025] Further in accordance with a preferred
embodiment of the present invention, the method also includes
learning forwarding information useful for performing
the layer 3 forwarding step.

[0026] Still further in accordance with a preferred
embodiment of the present invention, the forwarding
information includes the VLAN ID corresponding to the layer
3 destination of the packet.

[0027] Further in accordance with a preferred embod- 
iment of the present invention, the forwarding informa- 
tion includes the layer 2 address corresponding to the 
layer 3 destination of the packet. 

[0028] Still further in accordance with a preferred
embodiment of the present invention, the forwarding
information includes information pertaining only to stations
whose IP addresses have been designated by the user
as being eligible to be learned.
[0029] Still further in accordance with a preferred em- 
bodiment of the present invention, the forwarding infor- 
mation is learned at least partly by analyzing packets 
passing through the network element.
[0030] Additionally in accordance with a preferred 
embodiment of the present invention, the forwarding
information is learned entirely by analyzing packets
passing through the network element.
[0031] Still further in accordance with a preferred em- 
bodiment of the present invention, the forwarding infor- 
mation is learned at least partly by analyzing ARP-pack- 
ets passing through the network element. 
[0032] Further in accordance with a preferred embod- 
iment of the present invention, the forwarding informa- 
tion is learned at least partly by analyzing IP-packets 
passing through the network element. 
[0033] Still further in accordance with a preferred em- 
bodiment of the present invention, the forwarding infor- 
mation is learned at least partly by analyzing layer 3 
packets passing through the network element whose 
source layer 2 address is an address of a router. 
[0034] Further in accordance with a preferred embod- 
iment of the present invention, layer 3 forwarding is per- 
formed on the packet by the network element only if the 
layer 2 address corresponding to the packet's layer 3 
destination, as known to the network element, is differ- 
ent than the destination layer 2 address of the packet. 
[0035] Still further in accordance with a preferred em- 
bodiment of the present invention, a packet on which 
layer 3 forwarding is not performed by the network ele- 
ment is forwarded by the network element at layer 2. 
[0036] Further in accordance with a preferred embod- 
iment of the present invention, layer 3 forwarding of the 
packet is performed by the network element only if the 
destination layer 2 address of the packet is known to the 
network element to be reachable via a port that is differ- 
ent than the port from which the packet was received at 
the network element. 

[0037] Still further in accordance with a preferred em- 
bodiment of the present invention, the packet is discard- 
ed if the destination layer 2 address of the packet is 
known to the network element to be reachable via the 
port from which the packet was received at the network 
element. 

[0038] Further in accordance with a preferred embod- 
iment of the present invention, the performing step in- 
cludes changing the source layer 2 address of the pack- 
et to a layer 2 address of network element A. 
[0039] Also provided, in accordance with another
preferred embodiment of the present invention, is a system
by which a network element, having a plurality of ports,
performs layer 3 forwarding within a network including
at least one router, the system including a port identifier
operative, for each router in the network, to identify at
least one of the plurality of ports, via which the router is
reachable, as an upstream port with respect to the
router, and to identify at least one other port as a downstream
port with respect to the router, and a layer 3 forwarding
unit operative, upon receiving a packet whose layer 2
destination is the router, to perform layer 3 forwarding if
the network element is in possession of forwarding
information indicating that the packet's layer 3 destination
is reachable via any of the downstream ports with regard
to the router.

[0040] Also provided, in accordance with another
preferred embodiment of the present invention, is a layer 3
forwarding system for layer 3 forwarding an individual
packet from a station I to a station II wherein the packet's
layer 2 destination includes a router within the network
which is reachable from a network element A via which
stations I and II are connected to the network, the router
storing ARP information, the system including a learning
unit operative to provide network element A with a
capability to perform layer 3 forwarding of a packet from
station I to station II, wherein the providing step includes
learning, on the part of network element A, of forwarding
information used by the router to forward packets from
station I to station II, by reading the ARP information of
the router, and at network element A, a layer 3
forwarding unit for layer 3 forwarding of the individual packet.

[0041] A system by which a network element, having
a plurality of ports, performs layer 3 forwarding, using
forwarding information, within a network comprising at
least one router, the system including apparatus for
determining, upon receiving a packet, whether or not the
packet requires layer 3 forwarding, without using any
information regarding the identity of the router and
apparatus for performing layer 3 forwarding if the packet
requires layer 3 forwarding and if all necessary forwarding
information is available, and for performing layer 2
forwarding otherwise.

[0042] It is appreciated that when an element I is said
to be connected to a network "via an element II",
element I need not necessarily be directly connected to
element II. In other words, element I is a descendant of,
but not necessarily a son of, element II.

[0043] The term "network element" includes any
device through which packets pass while traversing the
network including any type of switches, including but not
limited to LAN switches; MAC switches; Ethernet
switches; Ethernet edge devices; switches with Ethernet
ports and at least one ATM port, operating LANE
and optionally also MPOA; MAC bridges; layer 3 switches;
multi-layer switches and routing switches.

[0044] The term "station" includes any device
originating or receiving packets including but not limited to
workstations, computers, printers, servers and routers.

[0045] The term "router" includes any device that is
known to a station as a router or gateway via which
off-subnet destinations can be reached, including but not
limited to routers, layer 3 switches, multi-layer switches
and routing switches.

[0046] The phrases "routing a packet", "performing a
routing function on a packet", "layer 3 forwarding of a
packet" and the like, are substantially equivalent. For
example, these phrases may refer to IP forwarding as
defined in RFC 1812.

[0047] The term "subnet" is intended to be a general 
term referring to a set of stations having common char- 
acteristics, such as an IP subnet, an IP net, etc. 
[0048] It is appreciated that the present invention is 
applicable to networks having only one router but also 
to networks having many routers. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0049] The present invention will be understood and 
appreciated from the following detailed description, tak- 
en in conjunction with the drawings in which: 

Fig. 1 is a simplified flowchart illustration of a switch- 
ing method constructed and operative in accord- 
ance with a preferred embodiment of the present 
invention; 

Fig. 2A is an example of a network provided in
accordance with the method of Fig. 1;
Fig. 2B is an example of an IP table of network el- 
ement C of Fig. 2A; 

Fig. 2C is an example of a MAC table of network 
element C of Fig. 2A; 

Fig. 3 is a simplified flowchart illustration of a pre- 
ferred packet flow sequence in a switch or other net- 
work element such as network elements A and C in 
Fig. 2A; 

Fig. 4 is a simplified flowchart illustration of a pre- 
ferred flow control sequence occurring in a switch 
or other network element such as network elements 
A and C in Fig. 2A; 

Fig. 5 is a simplified diagram of flow control in a 
switch or other network element such as network 
element A in Fig. 2A; 

Fig. 6 is a diagram of an example of a network con- 
structed and operative in accordance with another 
preferred embodiment of the present invention; 
Fig. 7A is an example of an IP table of network el- 
ement A of Fig. 6; 

Fig. 7B is an example of a MAC table of network 
element A of Fig. 6; 

Fig. 7C is an example of a learning control table for 
network element A of Fig. 6; 
Fig. 8 is a simplified flowchart illustration of packet 
flow in a network element such as network element 
A of Fig. 6; and 

Fig. 9 is a simplified flowchart illustration of a pre- 
ferred flow control sequence in a network element 
such as network element A of Fig. 6. 

DETAILED DESCRIPTION OF PREFERRED 
EMBODIMENTS 

[0050] Reference is now made to Figs. 1 - 5 which
illustrate a switching method constructed and operative
in accordance with a first embodiment of the present
invention.

[0051] Fig. 1 is a simplified self-explanatory flowchart
illustration of a switching method constructed and
operative in accordance with a first embodiment of the
present invention.

[0052] Fig. 2A is a simplified block diagram of a
resulting network constructed and operative in
accordance with a first embodiment of the present invention.
The layer 3 forwarding function for IP packets from
station I to station II is performed by switch C and not by
switch A. The "switches" of Fig. 2A may each in fact
comprise any suitable network element and need not
necessarily be switches.

[0053] The lack of requirement to perform the layer 3
function in the switch closest to the source eliminates
the main problem that alternative designs deal with,
which is how that switch acquires the necessary layer 3
forwarding information. The common approach requires
that switch to be a full router, thereby to obtain all
information. The routing server approach calls for special
protocols by which the routing server conveys the
necessary layer 3 forwarding information to that switch.
None of these is necessary if routing is not required to
be performed at the switch closest to the source, since
that switch does not need any information other than
information it can easily learn by itself. If the switch that
performs the layer 3 switching function is on the path
from the router to the destination it can easily learn all
the information needed from packets passing through it.

[0054] In addition, in the embodiment of Figs. 1 - 5, a
switch, when performing the standard layer 3 forwarding
function for an IP packet, typically writes the router's
MAC address in the source MAC address field of the
forwarded packet. If this function is performed by switch
A for a packet from station I to station II then this results
in a packet, having the router's MAC address as source,
being transmitted from switch A into the switching
system in the direction of the router. If the switching system
includes simple standard switching devices, the MAC
learning mechanism is confused by seeing the same
MAC address coming in from two different directions,
from the router and from switch A, resulting in network
connectivity problems. This difficulty is preferably
substantially eliminated in the embodiment of Figs. 1 - 5.
Each switch performs layer 3 forwarding only for traffic
going in a direction other than toward the router. The
switch port via which the router is reachable is referred
to as the upstream port, and the switch only performs
layer 3 forwarding between downstream ports. To all
stations and devices downstream of the switch (i.e.
reachable via a downstream port of the switch), the
packets routed (forwarded at layer 3) by the switch
appear just as if they were routed by the router.
[0055] Distributing the layer 3 forwarding function in
the network in such a way that each switch only
performs layer 3 forwarding between downstream ports has
additional advantages such as for security. For example,
a network may be installed in a building in which
network traffic between floors is subject to access
restriction but the traffic is not subject to any restrictions
between stations on the same floor. Access control
packet filtering in this case can be configured to the
backbone switch only (e.g. switch C of Fig. 2A) with no
access control configuration at all at the floor switches
(e.g. switches A and B of Fig. 2A), since these never try
to route packets to other floors.
[0056] This implies that the floor switches can be sim- 
pler and less expensive than the backbone switch and 
can have different filtering capabilities and even not sup- 
port packet filtering at all. User ability to comprehend 
and predict which switch performs the layer 3 switching 
function for which sort of packets can also imply simpler 
configuration of the access control packet filtering rules. 
[0057] This distribution of the layer 3 forwarding func- 
tion yields no problem with scaling performance, due to 
the assumption that all the switches can forward traffic 
at wire speed both at layer 2 and at layer 3. The packets 
typically follow a certain path from source to destination. 
Therefore, the exact location in that path in which the 
layer 3 function is performed does not affect the overall 
performance of the switching function. 
[0058] According to the first embodiment of the 
present invention described in Figs. 1 - 5, the switch ac- 
quires knowledge regarding the router's MAC address 
and the identity of the switch port through which the rout- 
er is reachable. One way for the switch to acquire this 
knowledge is to require that the IP address of the router 
be provided to the switch via manual configuration. The 
switch may then learn the rest by sending ARP requests 
to the router and learning from the ARP replies. Another 
way for the switch to acquire this knowledge is for the 
switch to learn about the router automatically by
identifying routing protocol messages (e.g. RIP, OSPF, IGRP,
EIGRP) and/or ICMP router discovery protocol messages,
and learning the source address of these messages.
[0059] There may be more than a single router known 
to the switches. If so, then all switch activities described 
in this invention relating to 'the router' are typically per- 
formed for each of the routers. Specifically, packets are 
learned if sent by any one of the routers, packets are 
forwarded at layer 3 by the switch if their destination 
MAC address is that of any of the routers, etc. When the 
methods of the present invention are used in a network 
containing multiple routers, the method typically takes 
into account occurrences in which the multiple routers 
back each other up, using router redundancy mecha- 
nisms. These mechanisms include (but are not limited 
to) HSRP and VRRP, and may involve having to know 
an additional MAC address representing a 'virtual rout- 
er'. This MAC address is acquired by the switch using 
the same methods described above, or via manual con- 
figuration. 

[0060] The apparatus and methods of the present
invention may be used in networks in which Virtual LANs
(VLANs) are deployed. In such a network the router and
the switch may be able to communicate VLAN
information. Alternatively, the router may be unaware of VLANs
and connected to the switch via some sort of a 'global'
port that forwards packets of all VLANs. Alternatively,
the router may be connected to the switching system via
multiple interfaces, one per VLAN. In such cases the
switch may need to be aware of multiple MAC addresses
of the router and how they correspond to the different
VLANs.

[0061] If there are multiple routers in a network which
includes Virtual LANs, the switch may need to know
which MAC addresses correspond to the same router,
in order for the switch to use the appropriate source
MAC address when forwarding a packet at layer 3. The
switch can acquire this knowledge from manual
configuration or by automatic means such as by monitoring,
via SNMP, some of the router databases, such as the
IP address table and Interface table from the standard
MIB-II.

[0062] The switch automatically learns about IP
stations, and the forwarding information necessary to
perform layer 3 forwarding of packets destined at those
stations. This information includes the destination MAC
address to be used when forwarding a packet to that IP
station at layer 3. Additional information may be learned
too, such as the VLAN ID. The information may be
learned by any suitable method such as but not limited
to any one of or any combination of the methods
described below.

[0063] In the embodiment of Figs. 1 - 5, the switch is
aware of the upstream port, the port through which the
router is reachable, and typically avoids learning any
station reachable through that port. The learning
mechanism of Figs. 1 - 5 is preferably dynamic and includes
being updated about station moves and changes. If an
IP station known to the switch is moved such that it is
now reachable through the upstream port, then the
switch removes that station from its database of IP
stations. The IP learning process may receive indications
about station moves and changes from the MAC
learning process of the switch. There may be an aging
process on the learned information, and user configuration
may control the characteristics of the aging mechanism
as well as controlling the types of stations to which it is
applied (e.g. faster aging for remote IP stations that are
reachable via another router).

[0064] Preferred learning methods include: 

a. Learning the destination of IP packets sent from
the router, i.e. learning from packets whose source
MAC address is the MAC address of the router and
whose destination IP address is the IP address of
the learned station.

b. Learning the source of ARP packets, either ARP
requests or ARP replies, or both.

c. Learning the destination of ARP replies.

d. Learning the source of IP packets, either all or
only those from local subnets or those that belong
or that do not belong to pre-configured IP address
ranges.

e. Learning the source of IP packets sent to or from
certain MAC addresses or those that are explicitly
not sent to or from certain MAC addresses (e.g. IP
packets sent to the MAC address of the router but
do not have the MAC address of another router as
their source MAC address).

f. Learning from the router's ARP tables or other
databases that can be read from the router using
SNMP or other mechanism.

g. Learning from user configuration.

[0065] In the embodiment of Figs. 1 - 5, the switch 
imitates the router and handles packets in the same way 
that the router would handle the same packets. This 
way, the first of a stream of packets to a certain station 
may be unknown to the switches and routed by the rout- 
er, but subsequent packets are routed by the switch, 
having learned all the necessary information from the 
first packet. 

[0066] According to the embodiment of Figs. 1 - 5, 
each packet whose destination MAC address is the rout- 
er's MAC address, and whose destination IP address is 
known to the switch, is forwarded at layer 3 (i.e. routed) 
by the switch. Exception packets, like those having IP 
options or TTL that equals zero, may not be routed by 
the switch and instead may be forwarded at layer 2. The 
switch preferably forwards at layer 3 according to the 
standard routing function, including checking packet va- 
lidity, replacing the MAC header, decrementing TTL and 
updating the checksum. The switch writes the router's 
MAC address or another MAC address in the source 
MAC address field of the packet. Alternative designs 
can use the same learning methods and avoid some 
parts of the standard routing function, like forwarding the 
packet without changing its source MAC address, or for-
warding the packet without changing anything other
than the destination MAC address, or even forwarding 
the packet without checking that the packet destination 
MAC address is that of the router. 
[0067] The layer 3 forwarding process in the switch 
may be combined with access control packet filtering 
mechanisms, that may result in blocking packets and/or 
in forwarding them at layer 2. 

[0068] According to the embodiment of Figs. 1 - 5, 
each packet whose destination MAC address is the rout- 
er's MAC address, and whose IP destination is unknown 
to the switch, is typically switched at layer 2 and is hence 
forwarded toward the router. It is then either forwarded 
at layer 3 by another switch on the path to the router, or 
reaches the router and is routed by it. 
[0069] There are different cases where the packet 
reaches the router, such as the following cases: 

a. Special types of packets that are not handled by 
the switch and are always forwarded at layer 2, such 
as packets with IP options. 

b. Packets that go beyond the router, like packets
sent from A to D in the network of Fig. 2A. The des-
tination D may never be learned by the switches,
such that D is always unknown to the switches A
and C and all packets to D are switched by switches
A and C at layer 2.

c. Local packets that go back to stations in the 
switched network that are yet unlearned by the 
switches. The amount of local traffic going through 
the router is small, since the appropriate switches
soon learn the new station from analyzed packets
and start handling such traffic themselves. 

[0070] Fig. 2B is an example of an IP table 70 of net- 
work element C of Fig. 2A. As shown, the IP table of 
network element C typically stores the IP and MAC ad-
dresses of each station downstream of network element 
C. 

[0071] Fig. 2C is an example of a MAC table of net- 
work element C of Fig. 2A. As shown, the MAC table of
network element C typically stores, for each MAC entity
within a MAC network of network element C, the MAC 
entity's MAC address and the port of network element 
C via which the network element C forwards packets to 
that MAC entity. The MAC network of a network element
typically includes all MAC entities (network elements,
routers or stations), which are connected to that network 
element either directly or via a switch or bridge but not 
via a router. 

[0072] Reference is now made to Fig. 3 which is a sim-
plified generally self-explanatory flowchart illustration of
preferred packet flow in a switch, such as packet flow in
network element A and in network element C, in Fig. 2A.
Explanations regarding certain of the steps now follow:
[0073] WAIT FOR PACKET (step 100) - The system
waits for a packet to arrive and upon its arrival, activates
step 110.

[0074] IP? (step 110) - The frame is identified as being
of type IP. For example, on Ethernet networks, a frame
with Ethertype 0x800 carries an IP packet.

[0075] ARP? (step 120) - The frame is identified as
being of type ARP. For example, on Ethernet networks,
a frame with Ethertype 0x860 carries an ARP packet.
[0076] SRC MAC DOWNSTREAM (step 130) - the
source MAC address of the packet is not unknown, i.e.
is found in the MAC-table 80 of Fig. 2C and the port cor-
responding to it in the MAC-table 80 of Fig. 2C is not the
port through which the router is reachable.
[0077] SENDER IP LEARNING (optional step 140) -
read the sender IP address from the ARP message in
the packet. Find in the IP-table 70 of Fig. 2B the record
corresponding to this IP address. If there is no such
record in the table 70 of Fig. 2B then create one. Read
the source MAC address from the sender hardware ad-
dress field of the ARP message in the packet. Write this
MAC address into the MAC address field of that record
in IP-table 70 of Fig. 2B.

[0078] UNICAST? (step 150) - The packet is a unicast
packet if its destination MAC-address is a unicast MAC
address.

[0079] NORMAL IP PACKET (step 160) - The IP pack-
et is valid according to the definition in RFC 1812. In
addition, the IP packet is of version 4, does not contain
any IP options and TTL is greater than 1.
[0080] SRC MAC = ROUTER? (step 170) - In this 
step, the source MAC address of the packet is checked. 
If it is equal to the MAC address of a router, then the 
packet is known to have been originated or forwarded 
by the router. 

[0081] DEST MAC DOWNSTREAM (step 180) - the 
destination MAC address of the packet is not unknown, 
i.e. is found in the MAC-table 80 of Fig. 2C and the port 
corresponding to it in the MAC-table 80 of Fig. 2C is not 
the port through which the router is reachable. 
[0082] DEST IP LEARNING (step 190) - read the des-
tination IP address from the IP header of the packet. 
Find in IP-table 70 of Fig. 2B the record corresponding 
to this IP address. If there is no such record in the table 
70 of Fig. 2B then create one. Read the destination MAC 
address from the MAC header of the packet. Write this 
MAC address into the MAC address field of that record 
in IP-table 70 of Fig. 2B. Read the source MAC address 
from the MAC header of the packet. Write this MAC ad- 
dress into the router's MAC field of that record in the IP 
table 70 of Fig. 2B. 

[0083] SRC MAC DOWNSTREAM? (step 200) - The 
source MAC address field of the packet is checked 
against the MAC table 80 of Fig. 2C to determine wheth-
er or not the port the MAC address is mapped to is a
downstream port. In Fig. 2A, switch C has two down-
stream ports (ports 1 and 2) and one upstream port (port
3).

[0084] SRC IP LEARNING - (optional step 210) - 
read the source IP address from the IP header of the 
packet. Find in IP-table 70 of Fig. 2B the record corre- 
sponding to this IP address. If there is no such record 
in the table 70 of Fig. 2B then create one. Read the 
source MAC address from the MAC header of the pack- 
et. Write this MAC address into the MAC address field 
of that record in IP-table 70 of Fig. 2B. 
[0085] DEST MAC = ROUTER? (step 220) - the des- 
tination MAC address of the packet is one of the MAC 
addresses of the router. This identifies the packet as one 
that may have to go through a routing (layer 3 forward- 
ing) function. The source and destination IP addresses 
of the packet, i.e. the originating station and the receiv- 
ing station, are likely to be in different IP nets or subnets. 
[0086] FIND DEST IP IN IP-TABLE (step 230) - The 
IP-table 70 of Fig. 2B is searched in order to find a record 
that matches the destination IP address of the packet. 
[0087] FOUND? (step 240) - If a record matching the 
destination IP address of the packet was found in IP- 
table 70 by step 230 then do step 250. Otherwise, do 
step 260. 

[0088] IP FORWARDING (step 250) - typically, the
standard IP forwarding function as defined in RFC 1812,
including decrementing TTL by one and updating the IP
checksum accordingly. In addition - replacing the source
MAC address with the router's MAC address and replac-
ing the destination MAC address with the MAC address
found in the record in IP-table 70 of Fig. 2B correspond-
ing to dest-IP.

[0089] MAC SWITCHING (step 260) - the standard 
MAC switching function as defined in IEEE standard 
802.1D, including learning and updating the MAC-table
80 of Fig. 2C. 
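
The per-packet work of steps 160 and 250, as an added Python example that is not code from the patent: it applies the NORMAL IP PACKET test, decrements TTL, patches the header checksum incrementally (the RFC 1624 method, chosen here as one way of "updating the IP checksum accordingly") and rewrites both MAC addresses. Function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct

ETH_LEN = 14          # destination MAC, source MAC, Ethertype
ETHERTYPE_IP = b"\x08\x00"

# Constructed sample MAC addresses (locally administered).
ROUTER_MAC = bytes.fromhex("020000000001")
MAC_I = bytes.fromhex("020000000010")
MAC_II = bytes.fromhex("020000000020")


def fold16(total):
    # Fold carries back in: one's-complement addition on 16 bits.
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def header_checksum(ip_header):
    # Returns 0 when run over a header whose checksum field is correct.
    words = (w for (w,) in struct.iter_unpack("!H", ip_header))
    return ~fold16(sum(words)) & 0xFFFF


def build_frame(dst_mac, src_mac, src_ip, dst_ip, ttl, ihl=5):
    # Constructed test input: IPv4/UDP header plus 8 zero payload bytes.
    options = b"\x01" * (4 * (ihl - 5))          # NOP bytes when ihl > 5
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 4 * ihl + 8,
                      0x1234, 0, ttl, 17, 0,
                      ipaddress.ip_address(src_ip).packed,
                      ipaddress.ip_address(dst_ip).packed) + options
    hdr = hdr[:10] + struct.pack("!H", header_checksum(hdr)) + hdr[12:]
    return dst_mac + src_mac + ETHERTYPE_IP + hdr + b"\x00" * 8


def forward_l3(frame, next_hop_mac, source_mac):
    """Return the rewritten frame, or None when the frame is an exception
    packet that is left to layer 2 switching (and so reaches the router)."""
    if len(frame) < ETH_LEN + 20 or frame[12:14] != ETHERTYPE_IP:
        return None
    if frame[ETH_LEN] != 0x45:                   # version 4, no IP options
        return None
    ip = bytearray(frame[ETH_LEN:ETH_LEN + 20])
    if header_checksum(bytes(ip)) != 0:          # header must be valid
        return None
    ttl, proto = ip[8], ip[9]
    if ttl <= 1:                                 # TTL must be greater than 1
        return None
    # RFC 1624: HC' = ~(~HC + ~m + m'), m being the 16-bit TTL/protocol word.
    old_word = (ttl << 8) | proto
    new_word = ((ttl - 1) << 8) | proto
    old_csum = int.from_bytes(ip[10:12], "big")
    new_csum = ~fold16((~old_csum & 0xFFFF) + (~old_word & 0xFFFF) + new_word) & 0xFFFF
    ip[8] = ttl - 1
    ip[10:12] = new_csum.to_bytes(2, "big")
    # source_mac is the router's MAC in the embodiment of Figs. 1 - 5.
    return next_hop_mac + source_mac + ETHERTYPE_IP + bytes(ip) + frame[ETH_LEN + 20:]


if __name__ == "__main__":
    f = build_frame(ROUTER_MAC, MAC_I, "192.0.2.10", "198.51.100.20", ttl=64)
    out = forward_l3(f, MAC_II, ROUTER_MAC)
    print("TTL after forwarding:", out[ETH_LEN + 8])
    print("checksum valid:", header_checksum(out[ETH_LEN:ETH_LEN + 20]) == 0)
```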

[0090] Fig. 4 is a simplified flowchart illustration of
flow control in a switch, in accordance with a first em-
bodiment of the present invention.
[0091] IP-TABLE AGING (step 300) - every 30 sec-
onds delete all records from the IP-table 70 of Fig. 2B.

[0092] MAC LEARNING INDICATION (step 310) - in-
dication is received from the MAC learning process in
the switch that a certain MAC address was either re-
moved from the MAC-table 80 of Fig. 2C or has changed
port. This may be the result of the MAC learning process
learning the new information from a received packet or
operating an aging function on the MAC-table 80 of Fig.
2C.

[0093] DELETED? (step 320) - If the indication re-
ceived in step 310 indicates removal of a MAC address
from MAC-table 80, then perform step 340. Otherwise,
i.e. if the indication received in step 310 indicates that a
MAC address has changed port, then perform step 330.
[0094] NEW PORT IS UPSTREAM? (step 330) - the
port associated with this MAC address in the MAC-table
80 of Fig. 2C has changed, and the new port is the port
through which the router is reachable.
[0095] DELETE FROM IP-TABLE (step 340) - remove
from the IP-table 70 of Fig. 2B all the records that specify
the said MAC address in their MAC address field.

[0096] IGNORE (step 344) - do nothing.

[0097] Also provided, in accordance with another pre-
ferred embodiment of the present invention, is a layer 3
switching method for layer 3 forwarding an individual
packet from a station I to a station II wherein the packet's
layer 2 destination comprises a router within the network
which is reachable from a network element A via which
stations I and II are connected to the network, the router
typically storing forwarding information such as ARP in-
formation. The method includes providing network ele-
ment A with a capability to perform a routing function on
a packet, routing the packet from station I to station II,
wherein the providing step comprises learning, on the
part of network element A, of forwarding information
used by the router to perform layer 3 forwarding of pack-
ets from station I to station II, by reading forwarding (e.g.
ARP) information from the router and performing a
routing function on said individual packet, at network el-
ement A. The router's forwarding (e.g. ARP) information
may be read using an SNMP mechanism.

[0098] Fig. 5 is a simplified flowchart illustration of
preferred flow control in a switch, in accordance with the
above-described embodiment of the present invention.
At initialization time (step 350), and every e.g. 30 min-
utes (step 370), the router's ARP table is read (step 360)
into the IP table 70 of Fig. 2B. For example, this process 
may be carried out as follows: SNMP get-next requests 
are sent to the IP address of the router, where the re- 
quest's object identifier specifies the net-to-media table 
defined in MIB-II (RFC 1213). All information in the IP- 
table 70 of Fig. 2B is replaced with the information re- 
ceived from the router's SNMP replies. 
[0099] Another preferred embodiment of the present 
invention is now described with reference to Figs. 6 - 9. 
The embodiment of Figs. 6 - 9, like the embodiment of 
Figs. 1 - 5, enables layer 3 switching to take place net- 
work wide i.e. at the network's switches without any of 
the network's switches necessarily being a router. 
[0100] The embodiment of Figs. 6 - 9 allows the switch
(or switches) to boost the entire network, rather than a 
specific router. The switch is not necessarily aware that 
the router's MAC address(es) are, in fact, MAC address- 
es of a router. Rather, the switch performs the layer 3 
forwarding function by itself to packets that require layer 
3 forwarding, whether these packets are addressed at 
the MAC layer to a single router or to different routers. 
The switch does not necessarily identify the packets as 
requiring layer 3 forwarding by recognizing the packet's 
destination MAC address as the address of the router. 
The switch may perform this identification by other 
means as described below. 

[0101] The switch automatically learns about IP sta- 
tions, and the forwarding information necessary to per- 
form layer 3 forwarding of packets destined at those sta- 
tions. This information includes the destination MAC ad- 
dress to be used when layer 3 forwarding a packet to 
that IP station. Additional information may be learned 
too, such as the Virtual LAN (VLAN) ID. The information 
may be learned by any suitable method such as but not 
limited to any one of or any combination of the methods 
described below. 

[0102] The learning mechanism is preferably dynamic 
and includes being updated about station changes. 
There may be an aging process on the learned informa- 
tion, and user configuration may control the character- 
istics of the aging mechanism. 
[0103] Preferred learning methods include: 

* Learning the source of ARP packets, either ARP re- 
quests or ARP replies or both 

* Learning the destination of ARP replies 

* Reading, from IP packets, information regarding the 
source of these IP packets and using this informa- 
tion not to learn new stations but rather only to re- 
fresh information, learned by another method, re- 
garding stations already known to the switch. 

* Learning from the source fields of at least some IP 
packets. 

* Learning from the destination fields of at least some 
IP packets. 

[0104] Optionally, the switch may allow the user to
control the learning mechanism by configuring which IP
stations are eligible to be learned for layer-3-switching
and which are not eligible to be learned. Only stations
that are eligible to be learned are added to the IP table
such that packets to them are then routed. Stations that
are not eligible to be learned never get into the table so
packets to them are never routed by this switch. In other
words, packets to the stations that are not eligible to be
learned are never forwarded at layer 3 by this switch but
rather are always switched at layer 2. In this way, the
user ensures that packets for those stations reach a
router or another switch that may have extended capa-
bilities in areas such as access control and traffic mon-
itoring. One possible configuration to support this fea-
ture includes a "learning control table" storing a list of
eligible IP address ranges. An eligible IP address range,
e.g. an IP subnet, is a range of IP addresses which are
all eligible to be learned. Alternatively, an ineligible IP
address range may be stored comprising a range of IP
addresses which are all ineligible to be learned.

[0105] For example, the learning control table 470 of 
Fig. 7C includes a list of IP address ranges e.g. IP sub- 
nets. Each IP address range may be defined by an IP 
address and a mask. The learning control table, in the 
illustrated embodiment, is utilized to store all eligible IP
address ranges. Alternatively, the learning control table 
may be utilized to store all ineligible IP address ranges. 
Alternatively, the learning control table may include an 
additional field storing a flag indicating whether or not 
the address range corresponding to the flag is eligible
or ineligible to be learned. 

[0106] The switch examines each received packet
and identifies whether it requires layer 3 forwarding.
This does not have to be based on whether the packet
has a destination MAC address of a router, and the
switch is not required to know that the router's MAC ad-
dress is in fact the MAC address of a router. A packet
typically requires layer 3 forwarding if all of the following
2 conditions are met:

(a) the destination MAC address of the received
packet is known to the switch (i.e. is found in the
MAC table 80 of Fig. 2C); and
the port number in the MAC table (Fig. 2C)
corresponding to the destination MAC address of
the received packet is not the port from which the
packet was received.

(b) the destination IP address of the received packet
is known to the switch (i.e. is found in the IP table
70 of Fig. 2B); and
the destination MAC address of the received
packet is different than the MAC address corre-
sponding to the destination IP address of the pack-
et, as found in the IP table of Fig. 2B.

[0107] Condition (a) is important in order to avoid 
packet duplication in the case in which the destination 
MAC address of the packet is reachable via the port from
which the packet was received. In this case the station
or router, to which the packet was destined at the MAC 
layer, receives the packet and handles it itself. 
[0108] The method of the present invention can also 
work without checking condition (a) if restrictions are ap- 
plied to the network structure ensuring no such case can 
occur. An example of such a restriction can be that no 
'shared LAN' segments are connected to the switch, and 
instead, the switch connects only stations or routers. 
[0109] Condition (b) is important in order to avoid rout-
ing (i.e. forwarding in layer 3) of intra-subnet packets,
i.e. packets sent between stations in the same IP subnet.
Such packets are not destined at any router and are
meant to be forwarded at layer 2 (i.e. switched). If the
switch forwarded, at layer 3, packets that do not meet 
condition (b), it would not make any change to the des- 
tination MAC address anyway. Though not the preferred 
embodiment, the method of the present invention can 
also work without checking condition (b). 
[0110] Each packet identified as requiring layer 3 for- 
warding, typically as defined above, is forwarded at lay- 
er 3 (i.e. routed) by the switch. Exception packets, like 
those having IP options or TTL that equals zero, may 
not be routed by the switch and instead may be forward- 
ed at layer 2 such that they reach the router to which 
they are destined at the MAC layer and are handled by it. 
[0111] When the switch forwards at layer 3, it does so 
preferably according to the standard routing function, in- 
cluding checking packet validity, replacing the MAC 
header, decrementing TTL and updating the checksum. 
The switch writes its own MAC address in the source 
MAC address field of the packet. The switch may have 
multiple MAC addresses on different VLANs, in which 
case the MAC address used as source is the one ap- 
propriate to the VLAN on which the packet is sent, i.e. 
the VLAN of the destination station. Alternative designs 
can use the same learning and packet identification 
methods and avoid some parts of the standard routing 
function, like forwarding the packet without changing an- 
ything except the destination MAC address. 
[0112] The layer 3 forwarding process in the switch 
may be combined with some access control packet fil- 
tering mechanisms, that may result in blocking the pack- 
ets and/or in forwarding them at layer 2. 
[0113] Each packet not identified as requiring layer 3 
forwarding (as defined above) is switched at layer 2. 
This includes packets that do require routing but their 
destination address is not known to the switch. Such 
packets will be routed by the router to which they are 
destined at the MAC layer (or will be routed by another 
switch which is on the forwarding path to that router). 
The destination of such packets can be a remote IP ad- 
dress, that is only reachable via a router, and may never 
be learned by the switch, but it can also be an IP address
of a station within the local network, that could be
reached from the switch without going through a router.
Such local IP addresses will be learned automatically
by the switch, hence in general the amount of local traffic
going through routers in the network is small, since the
appropriate switches will soon learn the new stations 
and will start handling such traffic themselves. 
[0114] Specifically referring to Figs. 6 - 9:

[0115] Fig. 6 is a diagram of an example of a network
constructed and operative in accordance with another
preferred embodiment of the present invention. As
shown, ports 1 and 2 of switch A are mapped to two
respective VLANs whose ID numbers are 5 and 8.

[0116] Fig. 7A is an example of an IP table 450 of net-
work element A of Fig. 6. Each record in the IP table
contains an IP address, and a MAC-address and VLAN-
ID to which packets having this IP-address should be
forwarded. Each record also includes a learned-flag in-
dicating how up to date is the information in the other
fields of the record. More generally, a router may also
have an IP address (not shown) in which case a record,
dedicated to that router, is typically added to the IP table
450 of Fig. 7A.

[0117] Fig. 7B is an example of a MAC table 460 of
network element A of Fig. 6.

[0118] Fig. 7C is an example of a Learning Control ta-
ble 470 of network element A of Fig. 6. As described
above, the learning control table 470 of Fig. 7C includes
a list of IP address ranges e.g. IP subnets. Each IP ad-
dress range may be defined by an IP address and a
mask. The learning control table may store all eligible
IP address ranges or all ineligible IP address ranges or
may include an additional field (not shown) storing a flag
indicating whether or not the address range correspond-
ing to the flag is eligible or ineligible to be learned.
[0119] Figs. 8 and 9 relate to a layer 3 switching meth-
od for layer 3 forwarding an individual packet from a sta-
tion I, connected to a network such as the network of
Fig. 6, via a network element A, to a station II which is
reachable from network element A. In the method of
Figs. 8 and 9, the packet's layer 2 destination includes
the layer 2 address of either a station or of any router
within the network. The network element A does not
necessarily know which layer 2 addresses belong to
routers and which do not. The method includes provid-
ing network element A with a capability to perform a rout-
ing function on a packet, the routing function comprising
routing the packet from station I to station II and per-
forming a routing function on said individual packet, at
network element A.

[0120] Fig. 8 is a simplified flowchart illustration of 
packet flow in a network element such as network ele- 
ment A of Fig. 6. 

[0121] IP? (step 510) - The frame is identified as being
of type IP. For example, on Ethernet networks, a frame
with Ethertype 0x800 carries an IP packet.
[0122] ARP? (step 520) - The frame is identified as
being of type ARP. For example, on Ethernet networks,
a frame with Ethertype 0x860 carries an ARP packet.
[0123] MAY LEARN SENDER? (step 525) - The IP ad-
dress of the sender station (as held in the ARP packet)
is checked against the learning control table 470 of Fig.
7C to determine whether or not it is allowed to learn this
address.

EP 0 980 167 A1

[0124] In step 530 (Learn Sender IP), the method 
reads sender IP address from the ARP message in the 
packet. The method finds, in IP-table 450 (Fig. 7A) the 
record corresponding to this IP address. If there is no 
such record in the table then the method creates one. 
The method reads the source MAC address from the 
sender hardware address field of the ARP message in 
the packet. This MAC address is written into the MAC 
address field of that IP-table record. The record is 
marked as learned by setting the "learned flag" of the 
record in IP table 450 of Fig. 7A. Optionally, if VLANs 
are supported, the ID of the VLAN from which the ARP 
message was received is written into the VLAN ID field 
of that IP-table record. 

[0125] UNICAST? (step 540) - The packet is a unicast 
packet if its destination MAC-address is a unicast MAC 
address. 

[0126] NORMAL IP PACKET (step 550) - The IP pack-
et is valid according to the definition in RFC 1812. In 
addition, the IP packet is of version 4, does not contain 
any IP options and TTL is greater than 1. 
[0127] Optionally, in step 560 (Refresh Src IP), the 
source IP address is read from the IP header of the 
packet. The method finds in IP-table 450 (Fig. 7A) the 
record corresponding to this IP address. If there is no 
such record in the table then the method does nothing 
and does not create one. If such a record exists, then 
the source MAC address is read from the MAC header 
of the packet. If this MAC address is different than the 
MAC address field of that IP-table record then the meth-
od does nothing and does not update the record. If this 
MAC address is equal to the MAC address field of that 
IP-table record then the method refreshes the record by 
setting the record's "learned flag", in the table 450 of Fig. 
7A, thereby to mark the record as "learned". 
[0128] In step 570 (dest MAC unknown), the destina- 
tion MAC address of the packet is either found or not 
found in the MAC-table 460 of Fig. 7B. 
[0129] In step 580 (dest MAC on-segment), the port 
corresponding to the destination MAC address of the 
packet in the MAC table 460 of Fig. 7B is or is not equal 
to the port from which the packet was received. 
[0130] In step 590 (discard packet), the packet is not 
forwarded. 

[0131] In step 600, the IP-table 450 of Fig. 7A is 
searched in order to find a record that matches the des- 
tination IP address of the packet. 
[0132] In step 610, if a record matching the destina- 
tion IP address of the packet was found in IP-table 450 
by step 600 then do step 620. Otherwise, do step 650. 
[0133] In step 620 (MAC = dest MAC), the destination 
MAC address of the packet is or is not equal to the MAC 
address corresponding to the destination IP address of 
the packet, as found in the IP-table 450 of Fig. 7A. 
[0134] IP FORWARDING (step 630) - typically, the
standard IP forwarding function as defined in RFC 1812,
including:

(a) decrementing TTL by one and updating the IP
checksum accordingly;
(b) replacing the destination MAC address with the
MAC address found in the record in IP-table 450 of
Fig. 7A corresponding to dest-IP; and
(c) replacing the source MAC address with the MAC
address of the present switch itself. If the switch has
multiple MAC addresses, the method uses the one
appropriate to the VLAN on which the packet is to
be sent.

[0135] MAC SWITCHING (step 650) - the standard
MAC switching function as defined in IEEE standard
802.1D, including learning and updating the MAC-table
460 of Fig. 7B.
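
The packet flow of Fig. 8, including conditions (a) and (b) of paragraph [0106] and the learning control table of Fig. 7C, modelled in Python as an added example that is not part of the patent. The branch targets for steps 570, 580 and 620 and all class names, addresses and port numbers are assumptions made for illustration, since the flowchart itself is not reproduced here.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addresses (documentation IP ranges, locally administered MACs).
ROUTER_MAC = "02:00:00:00:00:01"
MAC_I, MAC_II = "02:00:00:00:00:10", "02:00:00:00:00:20"
MAC_III, MAC_IV = "02:00:00:00:00:30", "02:00:00:00:00:40"
OWN_MAC = {5: "02:00:00:00:05:aa", 8: "02:00:00:00:08:aa"}   # per-VLAN switch MACs


@dataclass
class Frame:
    in_port: int
    dst_mac: str
    dst_ip: str
    ttl: int = 64
    has_ip_options: bool = False


def is_unicast(mac):
    # The low bit of the first octet marks group (multicast/broadcast) addresses.
    return int(mac.split(":")[0], 16) & 1 == 0


class Switch:
    def __init__(self, own_mac_by_vlan, eligible_ranges):
        self.own_mac_by_vlan = own_mac_by_vlan
        self.mac_table = {}        # MAC -> port            (Fig. 7B)
        self.ip_table = {}         # IP -> mac/vlan/learned (Fig. 7A)
        self.learning_control = [ipaddress.ip_network(r) for r in eligible_ranges]  # Fig. 7C

    def may_learn(self, ip):                                  # step 525
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.learning_control)

    def on_arp(self, in_port, vlan, sender_ip, sender_mac):   # steps 525 - 530
        self.mac_table[sender_mac] = in_port                  # ordinary MAC learning
        if not self.may_learn(sender_ip):
            return False                                      # stays layer 2 only
        self.ip_table[sender_ip] = {"mac": sender_mac, "vlan": vlan, "learned": True}
        return True

    def on_ip(self, f):
        if not is_unicast(f.dst_mac):                         # step 540
            return ("L2_SWITCH", "not unicast")
        if f.has_ip_options or f.ttl <= 1:                    # step 550
            return ("L2_SWITCH", "exception packet")
        port = self.mac_table.get(f.dst_mac)
        if port is None:                                      # step 570
            return ("L2_SWITCH", "destination MAC unknown")
        if port == f.in_port:                                 # steps 580, 590
            return ("DISCARD", "destination MAC on receiving segment")
        rec = self.ip_table.get(f.dst_ip)                     # steps 600, 610
        if rec is None:
            return ("L2_SWITCH", "destination IP unknown")
        if rec["mac"] == f.dst_mac:                           # step 620
            return ("L2_SWITCH", "intra-subnet")
        return ("L3_FORWARD", {"dst_mac": rec["mac"],         # step 630
                               "src_mac": self.own_mac_by_vlan[rec["vlan"]],
                               "vlan": rec["vlan"], "ttl": f.ttl - 1})


def build_demo_switch():
    # Ports 1 and 2 carry VLANs 5 and 8 as in Fig. 6; the router sits on port 3.
    sw = Switch(OWN_MAC, ["192.0.2.0/24", "198.51.100.0/24"])
    sw.mac_table[ROUTER_MAC] = 3
    sw.on_arp(1, 5, "192.0.2.10", MAC_I)
    sw.on_arp(2, 8, "198.51.100.20", MAC_II)
    sw.on_arp(2, 8, "203.0.113.30", MAC_III)   # range not in the learning control table
    sw.on_arp(2, 5, "192.0.2.40", MAC_IV)
    return sw


if __name__ == "__main__":
    sw = build_demo_switch()
    for frame in (Frame(1, ROUTER_MAC, "198.51.100.20"),
                  Frame(1, ROUTER_MAC, "203.0.113.30"),
                  Frame(1, MAC_IV, "192.0.2.40"),
                  Frame(1, MAC_I, "192.0.2.10")):
        print(frame.dst_ip, sw.on_ip(frame))
```

Traffic to the range left out of the learning control table keeps reaching the router, which is the property paragraph [0104] relies on for access control and traffic monitoring.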

[0136] Fig. 9 is a simplified flowchart illustration of a
preferred flow control sequence in a network element
such as network element A of Fig. 6.

[0137] At timer call (step 700) indicating that a prede-
termined period of time such as 30 sec has elapsed, the
sequence proceeds to step 705.
[0138] Decision 705 (Aging time?) is typically positive
if e.g. 5 hours have passed since the last time the aging
process was performed on the IP table 450 of Fig. 7A,
and negative otherwise. If sufficient time has passed,
do step 720, otherwise do nothing (step 710).
[0139] Step 720 (IP-table aging) - repeat steps 730 -
750 for each record (i.e. entry) in IP table 450 of Fig. 7A.
[0140] Decision 730 (Marked learned?) - is typically
positive if the IP table record presently checked was
marked as learned by step 530 or step 560. This is iden-
tified by the "learned flag" of the record being set.
"Learned flag" is one of the fields of the IP table 450 of
Fig. 7A.

[0141] Step 740: The "learned flag" field in the IP table
450 of Fig. 7A is cleared.

[0142] Step 750 (Delete entry from IP-table) - Delete
the currently examined record from the IP table 450 of
Fig. 7A.
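
Steps 560 and 700 - 750 together decide how long a learned binding lives. The Python model below is an added example, not the patent's code; it assumes that a record whose learned flag is set has the flag cleared (step 740) and that a record whose flag is already clear is deleted (step 750), and it uses the 30 second and 5 hour values given as examples above. Class and method names and the sample addresses are hypothetical.

```python
TIMER_PERIOD = 30            # seconds between timer calls (step 700)
AGING_PERIOD = 5 * 3600      # seconds between aging passes (decision 705)

# Constructed sample MAC addresses.
MAC_A = "02:00:00:00:00:10"
MAC_B = "02:00:00:00:00:20"
MAC_OTHER = "02:00:00:00:00:66"


class IpTable:
    def __init__(self):
        self.records = {}    # IP -> {"mac", "vlan", "learned"}  (Fig. 7A)

    def learn(self, ip, mac, vlan):
        # Step 530: ARP sender learning creates or overwrites the record.
        self.records[ip] = {"mac": mac, "vlan": vlan, "learned": True}

    def refresh(self, src_ip, src_mac):
        # Step 560: the source of an IP packet may only refresh a record
        # that already exists and already holds the same MAC address.
        rec = self.records.get(src_ip)
        if rec is None:
            return "ignored: unknown IP"
        if rec["mac"] != src_mac:
            return "ignored: MAC differs"
        rec["learned"] = True
        return "refreshed"

    def age(self):
        # Steps 720 - 750: one pass over every record.
        deleted = []
        for ip in list(self.records):
            rec = self.records[ip]
            if rec["learned"]:          # decision 730 positive
                rec["learned"] = False  # step 740
            else:
                del self.records[ip]    # step 750
                deleted.append(ip)
        return deleted


class AgingTimer:
    def __init__(self, table, start=0):
        self.table = table
        self.last_aging = start

    def tick(self, now):
        # Steps 700 - 710: called every TIMER_PERIOD seconds.
        if now - self.last_aging < AGING_PERIOD:
            return None                 # step 710, do nothing
        self.last_aging = now
        return self.table.age()


if __name__ == "__main__":
    table = IpTable()
    timer = AgingTimer(table)
    table.learn("192.0.2.10", MAC_A, 5)
    table.learn("198.51.100.20", MAC_B, 8)
    print(timer.tick(TIMER_PERIOD))                    # None
    print(timer.tick(AGING_PERIOD))                    # first pass clears flags
    print(table.refresh("192.0.2.10", MAC_A))
    print(table.refresh("198.51.100.20", MAC_OTHER))
    print(timer.tick(2 * AGING_PERIOD))                # second pass deletes
```

With these values a binding that is never refreshed is removed on the second aging pass after it was learned, that is, between 5 and 10 hours later.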

[0143] It is appreciated that hardware components of
the present invention may be implemented in software
and vice versa. Software components of the present in-
vention may, if desired, be implemented in ROM (read-
only memory) form.

[0144] It is appreciated that various features of the in-
vention which are, for clarity, described in the contexts
of separate embodiments may also be provided in com-
bination in a single embodiment. Conversely, various
features of the invention which are, for brevity, described
in the context of a single embodiment may also be pro-
vided separately or in any suitable subcombination.
[0145] It will be appreciated by persons skilled in the
art that the present invention is not limited to what has
been particularly shown and described hereinabove.
Rather, the scope of the present invention is defined on-
ly by the claims that follow:

Claims

1. A method by which a network element, having a plu- 
rality of ports, performs layer 3 forwarding within a 
network comprising at least one router, the method 
CHARACTERIZED BY THE STEPS OF: 

for each router in the network, identifying at 
least one of the plurality of ports, via which the 
router is reachable, as an upstream port with 
respect to the router, and identifying at least 
one other ports as downstream ports with re- 
spect to the router; and 
upon receiving a packet whose layer 2 destina- 
tion is the router, performing layer 3 forwarding 
if the network element is in possession of for- 
warding information indicating that the packet's 
layer 3 destination is reachable via any of the 
downstream ports with regard to the router. 

2. A method according to claim 1 CHARACTERIZED 
IN THAT the packet has a layer 3 source and a layer
3 destination which are in different subnets. 

3. A method according to claim 1 FURTHER CHAR- 
ACTERIZED BY THE STEP OF learning said for- 
warding information. 

4. A method according to claim 1 CHARACTERIZED 
IN THAT the forwarding information comprises the 
VLAN ID corresponding to the layer 3 destination of 
the packet. 

5. A method according to claim 1 CHARACTERIZED 
IN THAT the forwarding information comprises the 
layer 2 address corresponding to the layer 3 desti- 
nation of the packet. 

6. A method according to claim 1 CHARACTERIZED 
IN THAT the forwarding information is learned at 
least partly by analyzing packets passing through
the network element. 

7. A layer 3 forwarding method for layer 3 forwarding
an individual packet from a station I to a station II
wherein the packet's layer 2 destination comprises
a router within the network which is reachable from
a network element A via which stations I and II are
connected to the network, the router storing ARP
information, the method CHARACTERIZED BY THE
STEPS OF:

providing network element A with a capability
to perform layer 3 forwarding of a packet from
station I to station II, wherein said providing
step comprises learning, on the part of network
element A, of forwarding information used by
the router to forward packets from station I to
station II, by reading said ARP information of
the router; and
performing layer 3 forwarding on said individual
packet, at network element A.

8. A method according to claim 7 wherein said step of 
reading said ARP information comprises using an 
SNMP mechanism to read said ARP information. 

io 9. A method by which a network element, having a plu- 
rality of ports, performs layer 3 forwarding, using 
forwarding information, within anetwork comprising 
at least one router, the method CHARACTERIZED 
BY THE STEPS OF: 

15 

upon receiving a packet, determining whether 
or not the packet requires layer 3 forwarding, 
without using any information regarding the 
identity of the router; and 
20 performing layer 3 forwarding if the packet re- 

quires layer 3 forwarding and if all necessary 
forwarding information is available, and per- 
forming layer 2 forwarding otherwise. 

10. A method according to claim 9 wherein the layer 3
source of the packet and the layer 3 destination of 
the packet are in different subnets. 

11. A method according to claim 9 and also comprising
learning forwarding information useful for
performing said layer 3 forwarding step.

12. A method according to claim 9 wherein the
forwarding information comprises the VLAN ID
corresponding to the layer 3 destination of the packet.

13. A method according to claim 9 wherein the
forwarding information comprises the layer 2 address
corresponding to the layer 3 destination of the packet.

14. A system by which a network element, having a
plurality of ports, performs layer 3 forwarding within a
network comprising at least one router, the system
CHARACTERIZED BY:

a port identifier operative, for each router in the
network, to identify at least one of the plurality
of ports, via which the router is reachable, as
an upstream port with respect to the router, and
to identify at least one other ports as
downstream ports with respect to the router; and

a layer 3 forwarding unit operative, upon receiving
a packet whose layer 2 destination is the
router to perform layer 3 forwarding if the
network element is in possession of forwarding
information indicating that the packet's layer 3
destination is reachable via any of the
downstream ports with regard to the router.

15. A layer 3 forwarding system for layer 3 forwarding
an individual packet from a station I to a station II
wherein the packet's layer 2 destination comprises
a router within the network which is reachable from
a network element A via which stations I and II are
connected to the network, the router storing ARP
information, the system CHARACTERIZED BY:

a learning unit operative to provide network
element A with a capability to perform layer 3
forwarding of a packet from station I to station II,
wherein said providing step comprises learning,
on the part of network element A, of
forwarding information used by the router to
forward packets from station I to station II, by
reading said ARP information of the router; and

at network element A, a layer 3 forwarding unit
for layer 3 forwarding of said individual packet.
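
The forwarding decision recited in claims 9 and 14, sketched in Python as an added example (not code from the patent). The default tables are constructed from FIG. 2B and FIG. 2C, the source-MAC rewrite follows the FIG. 3 label, and the function names, the packet field names and the use of the addressed router's MAC for the rewrite are assumptions.

```python
# Added illustration of claims 9 and 14; every name here is hypothetical.
ROUTER_MAC = "0080D156C873"

# Constructed from FIG. 2B (IP-TABLE) and FIG. 2C (MAC-TABLE).
IP_TABLE = {"193.1.2.3": "00805AC469B0", "156.33.1.1": "006A3407F62E"}
MAC_TABLE = {"00805AC469B0": 1, "006A3407F62E": 2, "0080D156C873": 3,
             "0032EC4527A7": 1, "00284F5D8C24": 2}


def forward(pkt, ip_table=IP_TABLE, mac_table=MAC_TABLE,
            router_macs=(ROUTER_MAC,)):
    """Return (mode, out_port, frame) for one received packet.

    mode is "L3" when the element forwards on the router's behalf and
    "L2" when it falls back to ordinary MAC switching (claim 9).
    out_port is None when the layer 2 destination is not in the MAC table.
    """
    if pkt["dst_mac"] in router_macs:
        # Claim 14: the port through which the addressed router is reached
        # is upstream with respect to that router; the rest are downstream.
        upstream = mac_table.get(pkt["dst_mac"])
        next_mac = ip_table.get(pkt["dst_ip"])   # learned layer 2 address
        out_port = mac_table.get(next_mac)
        have_info = upstream is not None and out_port is not None
        if have_info and out_port != upstream:
            # FIG. 3: IP forwarding changes the source MAC to the router's MAC.
            frame = dict(pkt, src_mac=pkt["dst_mac"], dst_mac=next_mac)
            return "L3", out_port, frame
    # Forwarding information missing, destination behind the router's own
    # port, or frame not addressed to a router: plain layer 2 forwarding.
    return "L2", mac_table.get(pkt["dst_mac"]), dict(pkt)


if __name__ == "__main__":
    # Station I sends to station II, addressing the frame to the router.
    packet = {"src_mac": "00805AC469B0", "dst_mac": ROUTER_MAC,
              "src_ip": "193.1.2.3", "dst_ip": "156.33.1.1"}
    print(forward(packet))
    # Same packet, but the destination has not been learned (constructed IP).
    print(forward(dict(packet, dst_ip="10.9.9.9")))
```
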

FIG. 1

PROVIDE NETWORK
INCLUDING STATION I, CONNECTED VIA NETWORK ELEMENT
A CAPABLE OF PERFORMING THE ROUTING FUNCTION FOR AT LEAST
SOME PACKETS, STATION II, CONNECTED VIA NETWORK ELEMENT B AND
BELONGING TO DIFFERENT SUBNET THAN STATION I, AND ROUTER
REACHABLE FROM NETWORK ELEMENTS A AND B VIA A
COMMON ANCESTOR ELEMENT C.

ANCESTOR ELEMENT C ANALYZES PACKETS PASSING THROUGH IT
AND/OR ANALYZES ARP- OR IP-PACKETS ORIGINATING AT STATION II
AND RECEIVED AT ELEMENT C, THEREBY TO LEARN FORWARDING
INFORMATION USEFUL FOR FORWARDING PACKETS FROM STATION I
TO STATION II (e.g. LAYER 2 ADDRESS OF STATION II) TILL ELEMENT
C IS CAPABLE OF ROUTING PACKETS FROM STATION I TO STATION II.

ELEMENT A RECOGNIZES THAT STATION II AND THE ROUTER ARE
REACHABLE THROUGH THE SAME PORT, THEREBY TO REFRAIN FROM
LEARNING FORWARDING INFORMATION USEFUL FOR FORWARDING
PACKETS TO STATION II EVEN IF SUCH INFORMATION COULD BE
LEARNED BY ELEMENT A BY ANALYZING PACKETS, SUCH THAT
ELEMENT A IS NOT CAPABLE OF ROUTING PACKETS TO STATION II.

ANCESTOR ELEMENT C PERFORMS ROUTING FUNCTION ON PACKET
WHOSE LAYER 2 DESTINATION COMPRISES ROUTER, WITHOUT ANY
ROUTING FUNCTION ON PACKET BEING PERFORMED BY ELEMENT A.

FIG. 2A (network diagram labels)

ROUTER       MAC ADDRESS: 0080D156C873
SWITCH C     PORT 3; PORT 2; PORT
SWITCH A     MAC ADDRESS: 0032EC4527A7
SWITCH B     MAC ADDRESS: 00284F5D8C24
STATION III
STATION I    IP ADDRESS: 193.1.2.3    MAC ADDRESS: 00805AC469B0
STATION II   IP ADDRESS: 156.33.1.1   MAC ADDRESS: 006A3407F62E

FIG. 2B

IP-TABLE:

IP ADDRESS    MAC ADDRESS
193.1.2.3     00805AC469B0
156.33.1.1    006A3407F62E

FIG. 2C

MAC-TABLE:

MAC ADDRESS     PORT
00805AC469B0    1
006A3407F62E    2
0080D156C873    3
0032EC4527A7    1
00284F5D8C24    2

FIG. 3 (box labels: IP FORWARDING INCLUDING CHANGE SRC MAC TO ROUTER'S MAC; MAC SWITCHING)

FIG. 4

FIG. 5

FIG. 6 (network diagram labels)

ROUTER 2     MAC ADDRESS: 008B890ED326
STATION II   IP ADDRESS: 156.33.1.1   MAC ADDRESS: 006A3407F62E
ROUTER 1     MAC ADDRESS: 0080D156C873
SWITCH A     PORT 4 ; PORT 3
             PORT 2 ; PORT 1
             VLAN 5   VLAN 8
STATION I    IP ADDRESS: 193.1.2.3    MAC ADDRESS: 00805AC469B0

FIG. 7A

IP-TABLE:

IP ADDRESS:    193.1.2.3, 156.33.1.1
MAC ADDRESS:   00805AC469B0, 006A3407F62E
VLAN ID:       8
LEARNED FLAG:  CLEAR, SET

FIG. 7B

MAC-TABLE:

MAC ADDRESS     PORT
00805AC469B0    1
006A3407F62E    2
0080D156C873    3
008B890ED326    4

FIG. 7C

LEARNING CONTROL TABLE:

IP ADDRESS    MASK
193.1.2.3     255.255.255.0
156.33.1.1    255.255.0.0



EP 0 980 167 A1 







FIG. 9 